TransUnion hackers leak Cell C and ANC member databases!

Apr 7, 2022

The group claiming responsibility for the attack on TransUnion, N4ughtySecTU, has posted a Cell C customer database as part of a series of leaks to prove their claims.

They have also posted a database containing the personal data of ANC members.

Both databases contain names, ID numbers, and cellphone numbers.

While the ANC database contains limited physical address information, the Cell C dataset includes email addresses, some physical addresses, and bank account information.

The ANC database contains 1,211,447 records, and Cell C’s leaked contract subscriber database contains 1,809,497 records.

According to the metadata of the leaked files, the ANC database is from 21 August 2017, while the Cell C database is dated 3 October 2010.

N4ughtySecTU first informed media that it had infiltrated a TransUnion South Africa fileserver last week.

The group, which claims to be based in Brazil, said they broke in by brute-force guessing usernames and passwords until they found an account whose password was “password”.

N4ughtySecTU said they made off with 4,328 gigabytes of data, including a TransUnion database for one of its products, and a Department of Home Affairs database containing the identity information of 54 million South Africans.

They have demanded $15 million (R222 million) in cryptocurrency not to leak the data.

TransUnion has maintained that the incident impacted an isolated server holding limited data from its South African business.

It initially stated that the leak only contained telephone numbers, email addresses, identity numbers, and physical addresses.

However, in publicly-posted samples, N4ughtySecTU showed that they also have bank account and vehicle registration information.

TransUnion has not answered MyBroadband’s questions about this data, only saying that it believes the 54-million record database N4ughtySecTU has is from a 2017 data incident unrelated to TransUnion.

N4ughtySecTU has disputed this and started posting an increasing amount of “samples” to prove that they obtained the data from TransUnion’s server.

This included President Cyril Ramaphosa and his wife’s identity numbers and the ID number of Julius Malema.

They have threatened to leak the personal data of President Cyril Ramaphosa and other political figures, as well as the data of judges, prosecutors, police, lawyers, and advocates.

MyBroadband contacted Cell C for comment, which explained that it relies on credit bureaus to decide on the creditworthiness of prospective customers.

“Currently, Cell C is not using TransUnion for this service and is not aware of any of their subscriber database on TransUnion being leaked previously,” a spokesperson for the company stated.

“Cell C takes the security of subscriber data very seriously and in line with privacy laws has measures in place to ensure compliance with such requirements and to mitigate risk, this includes third parties that the company deals with.”

The spokesperson said Cell C is engaging with TransUnion, which is busy investigating the breach.

“In all cases of identity theft which is currently rife in South Africa and other parts of the world, a breach can have severe implications for consumers,” Cell C said.

“Citizens are urged to always be extra vigilant at all times to guard against spearfishing and other illegal activities.” “

Cell C said that in events like these, it guides customers to apply for protective registration through South African Fraud Prevention Services (SAFPS), which could provide an additional layer of protection. The ANC did not respond to My Broadband’s request for comment.